UTMB Health at Galveston disclosed a ransomware event in July 2024 affecting administrative and clinical systems. Approximately 420,000 patient records were identified in scope after forensic investigation.
A compromised vendor remote access account was used to gain a foothold. Ransomware was then deployed across administrative and clinical networks, suggesting insufficient segmentation between the vendor access zone and patient data systems.
Sentinel ($89/ep/mo) — 24/7 SOC + SIEM. Fortress ($109/ep/mo) — Sentinel + EDR management + vulnerability management. Command ($129/ep/mo) — Fortress + vCISO + compliance mapping + IR plan.
| Regime | Standard / Citation | Gap Identified |
|---|---|---|
| HIPAA | 45 CFR §164.308(b) | Business associate management — vendor remote access lacked documented security requirements |
| HIPAA | 45 CFR §164.312(a) | Access control — vendor access to PHI-containing systems not scoped to minimum necessary |
| TDPA | Tex. B&C Code §521.053 | 420,000 TX patient notifications required |
CoreRecon cites verifiable public sources only. No speculation on unverified attribution is published. Threat actor attribution appears only where publicly confirmed by law enforcement or the organization.
Free $2,500 security posture assessment for Texas organizations. We map your gaps against the same attack vectors used in this incident. No contract, no commitment.